randomize_va_space vs PAX aslr

Post by mohitbansal111 » Wed Jul 27, 2011 6:32 am

Hi

I have one little query!

Now that the Linux kernel has also introduced address randomization, what is the status of PaX ASLR?
Do we really need to use PaX ASLR for our Linux kernel (2.6.35), or is randomize_va_space alone enough to satisfy our need?
Also, do both of them work together effectively?

Is the PaX ASLR code available alone (without MProtect, NX, etc.)?

-Mohit
mohitbansal111
 
Posts: 6
Joined: Mon Jul 18, 2011 3:49 am

Re: randomize_va_space vs PAX aslr

Post by spender » Wed Jul 27, 2011 7:56 am

The two don't work the same. For instance, PaX ignores provided mmap hints and applies the randomized layout to such mappings. Vanilla honors the hint. Vanilla also doesn't randomize when prelinking is used: PaX does. The number of bits randomized for each area is also significantly higher with PaX. We also support ASLR on many more architectures than vanilla. We also haven't had the numerous infoleaks against ASLR vanilla has had. We also feature with no configuration the functionality required to deter bruteforcing against ASLR locally and remotely.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: randomize_va_space vs PAX aslr

Post by mohitbansal111 » Wed Jul 27, 2011 8:32 am

Thanks for your reply!
Is there any document which describes the functional flow of PaX in the Linux kernel?
Also, I need only ASLR for my project. Is that possible?

-Mohit
mohitbansal111
 
Posts: 6
Joined: Mon Jul 18, 2011 3:49 am

Re: randomize_va_space vs PAX aslr

Post by spender » Wed Jul 27, 2011 8:36 am

There is no ASLR-only patch. The only documentation for it exists at http://pax.grsecurity.net/docs/aslr.txt

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: randomize_va_space vs PAX aslr

Post by mohitbansal111 » Wed Jul 27, 2011 1:08 pm

I already went through that, but this document is very old :cry:
A lot of changes have been made in the Linux kernel since that document...
It does not match today's Linux kernel code :-?
mohitbansal111
 
Posts: 6
Joined: Mon Jul 18, 2011 3:49 am

Re: randomize_va_space vs PAX aslr

Post by mohitbansal111 » Thu Jul 28, 2011 11:18 am

Yet another query :o

In file fs/binfmt_elf.c, the function randomize_stack_top has:

#ifdef CONFIG_PAX_RANDUSTACK
	if (randomize_va_space)
		return stack_top - current->mm->delta_stack;
#endif

Does this code mean that PaX ASLR and randomize_va_space work together, as this code is executed when randomize_va_space > 0, or am I thinking wrong?

-Mohit
mohitbansal111
 
Posts: 6
Joined: Mon Jul 18, 2011 3:49 am

Re: randomize_va_space vs PAX aslr

Post by spender » Thu Jul 28, 2011 12:58 pm

It means PaX's ASLR honors the randomize_va_space sysctl setting (at least in the on/off sense).

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
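
Added example, not code from this thread or from the PaX/grsecurity patch: a small C check for two of the differences described above, namely whether the running kernel places an anonymous mapping at the mmap hint it was given, and how many address bits vary across sampled base addresses, next to the current randomize_va_space value. The function names, the hint address 0x20000000 and the three sample addresses are assumptions constructed for illustration.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Bits that differ across sampled base addresses of one region: a lower
 * bound on the bits the kernel randomizes there. */
uintptr_t varying_mask(const uintptr_t *a, size_t n) {
    uintptr_t m = 0;
    for (size_t i = 1; i < n; i++)
        m |= a[0] ^ a[i];
    return m;
}

int count_bits(uintptr_t m) {
    int c = 0;
    for (; m; m >>= 1)
        c += (int)(m & 1);
    return c;
}

/* 1: mapping placed at the hint, 0: placed elsewhere, -1: mmap failed. */
int mmap_hint_honored(void *hint, size_t len) {
    void *p = mmap(hint, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int honored = (p == hint);
    munmap(p, len);
    return honored;
}

/* Current sysctl value, or -1 if it cannot be read. */
int read_randomize_va_space(void) {
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void) {
    /* Constructed sample: mmap base seen in three runs of one binary. */
    uintptr_t runs[] = { 0xb7500000u, 0xb75a3000u, 0xb7f12000u };
    printf("randomize_va_space = %d\n", read_randomize_va_space());
    printf("hint honored       = %d\n",
           mmap_hint_honored((void *)(uintptr_t)0x20000000u, 4096));
    printf("varying bits       = %d\n", count_bits(varying_mask(runs, 3)));
    return 0;
}
```

For real measurements, replace the constructed array with base addresses collected from repeated runs of the same binary; the more samples, the closer the count gets to the actual number of randomized bits.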

